Worm.Win32.NetBooster gefunden |
||
---|---|---|
#0
| ||
12.08.2008, 13:35
Member
Beiträge: 11 |
||
|
||
12.08.2008, 13:59
Member
Beiträge: 13 |
#2
hey maddin
Ok du bist erst 21 (wenn ich die 87 als buajahr nehme), aber lies dir mal bitte des Forum durch... da gibts so geniale Hilfen, damit dir die Pro Leute hier auch helfen können: http://board.protecus.de/t23187.htm greetz __________ Ich lebe ewig! (bisher erfolgreich) |
|
|
||
12.08.2008, 15:55
Member
Themenstarter Beiträge: 11 |
#3
ok, habe alle schritte durchgeführt. hier die log von malwarebytes:
Malwarebytes' Anti-Malware 1.24 Datenbank Version: 1043 Windows 5.1.2600 Service Pack 2 15:09:09 12.08.2008 mbam-log-8-12-2008 (15-09-09).txt Scan-Methode: Vollständiger Scan (C:\|D:\|) Durchsuchte Objekte: 114372 Laufzeit: 59 minute(s), 35 second(s) Infizierte Speicherprozesse: 1 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 29 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 19 Infizierte Verzeichnisse: 15 Infizierte Dateien: 41 Infizierte Speicherprozesse: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> Unloaded process successfully. Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\logicfunctions.logicfunctions (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\logicfunctions.logicfunctions.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a199cfdd-c0a2-4b07-bd86-d0a414ed438a} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 (Rogue.Antivirus2008) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\LogicFunctions (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{51b25684-9177-4b62-8c6c-1cd2e0988451} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{70595c39-71ae-4550-a9f4-0a93078088d9} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4ee78269-9696-4826-9d4e-0d171759ff18} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8a11bbe3-e0b5-40fb-9d86-e08a52b51b47} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{77537ed9-1ef2-4673-b411-531b47f25ca6} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cd60034c-7891-4359-b456-8f35690eb6e4} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ec619398-4411-44ca-bd26-f7685d6d177b} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{25f82259-85de-46b8-ac72-d84f8fc77ac5} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25f82259-85de-46b8-ac72-d84f8fc77ac5} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bgrqfetx.bbtq (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bgrqfetx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8a11bbe3-e0b5-40fb-9d86-e08a52b51b47} (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76416-OEM-0011903-00117) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\Programme\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\AntiSpywareExpert (Rogue.AntiSpywareExpert) -> Quarantined and deleted successfully. C:\Programme\Antivirus 2008 (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Programme\Antivirus 2008\Infected (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Programme\Antivirus 2008\Suspicious (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Programme\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\BASE (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\services\services.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Programme\Antivirus 2008\Antivirus-2008.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\ebdx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\xokvrpwg.dll (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Programme\Antivirus 2008\vscan.tsi (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Programme\Antivirus 2008\zlib.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Programme\PCPrivacyCleaner\pcpc.exe (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080805012414234.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080805014054406.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080805100840046.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080805211334703.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080806223956484.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080807104717171.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080807220311265.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080808204838937.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080808222458671.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080809204016875.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080810000639984.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080810151922828.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080810192456515.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080811104842343.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080812105633093.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080812123553875.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080812132306703.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Secure Solutions\Antispyware 2008 XP\LOG\20080812140517593.log (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\tfnslopk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\lnvegaow.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\bgrqfetx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\wnlmdakqoxv.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\TmpRecentIcons\Antivirus-2008.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\TmpRecentIcons\PCPrivacyCleaner.lnk (Rogue.Link) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Juliane Wagner\Desktop\Antivirus-2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Juliane Wagner\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Juliane Wagner\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Juliane Wagner\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Juliane Wagner\Favoriten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Juliane Wagner\Favoriten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Juliane Wagner\Favoriten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully. |
|
|
||
12.08.2008, 16:16
Moderator
Beiträge: 7805 |
||
|
||
12.08.2008, 16:20
Member
Themenstarter Beiträge: 11 |
#5
ok hier combofix:
ComboFix 08-08-11.01 - Juliane Wagner 2008-08-12 15:23:28.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.651 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\Juliane Wagner\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt [color=red]Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !![/color] . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat C:\WINDOWS\system32\iehelper.dll C:\WINDOWS\system32\MabryObj.dll C:\WINDOWS\system32\Msglixgrx.dll ----- BITS: Eventuell infizierte Webseiten ----- hxxp://hqvideoporn.com . ((((((((((((((((((((((( Dateien erstellt von 2008-07-12 bis 2008-08-12 )))))))))))))))))))))))))))))) . 2008-08-12 12:47 . 2008-08-12 12:47 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware 2008-08-12 12:47 . 2008-08-12 12:47 <DIR> d-------- C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\Malwarebytes 2008-08-12 12:47 . 2008-08-12 12:47 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-08-12 12:47 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-12 12:47 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-05 01:24 . 2008-08-12 15:09 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\services 2008-07-27 17:26 . 2008-07-27 17:26 <DIR> d-------- C:\Programme\gs 2008-07-27 17:26 . 2008-07-27 17:26 <DIR> d-------- C:\Programme\FreePDF_XP 2008-07-27 17:26 . 2008-07-27 17:35 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\FreePDF 2008-07-27 17:26 . 2005-01-06 18:33 119,152 --a------ C:\WINDOWS\system32\redmon.hlp 2008-07-27 17:26 . 2005-01-06 18:33 116,224 --a------ C:\WINDOWS\system32\redmonnt.dll 2008-07-27 17:26 . 2005-01-06 18:33 45,056 --a------ C:\WINDOWS\system32\unredmon.exe 2008-07-25 20:36 . 2008-08-12 11:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater 2008-07-20 17:54 . 2008-07-20 17:59 <DIR> d-------- C:\Programme\1&1 . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-12 08:58 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic 2008-08-04 21:57 --------- d-----w C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\uTorrent 2008-08-01 12:00 --------- d-----w C:\Programme\Google 2008-07-28 15:21 --------- d-----w C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\Canon 2008-07-15 20:45 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Super X Studios 2008-07-08 14:59 --------- d-----w C:\Programme\Ilusion Software 2008-07-08 13:46 --------- d-----w C:\Programme\GV Everest Pokernet 2008-06-20 17:36 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 17:57 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-09 15:45 921,632 ----a-w C:\PA7311.DAT 2008-01-22 19:45 274 ----a-w C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\wklnhst.dat 2007-04-12 17:36 14 ----a-w C:\Dokumente und Einstellungen\Juliane Wagner\getfile.dat 2007-03-22 12:22 57,816 ----a-w C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\GDIPFONTCACHEV1.DAT . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2005-02-22 08:55 1611488] "AnyDVD"="C:\Programme\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-09 16:08 1600448] "ICQ"="C:\Programme\ICQ6\ICQ.exe" [2008-04-01 12:40 172280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-09 09:25 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-09 09:25 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-09 09:25 114688] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "FLMOFFICE4DMOUSE"="C:\Programme\Browser MOUSE\mouse32a.exe" [2005-12-22 14:30 360448] "HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152] "DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592] "Sony Ericsson PC Suite"="C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 16:15 266497] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320] "Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "SoundMan"="SOUNDMAN.EXE" [2005-09-21 10:24 86016 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2005-09-21 15:32 2807808 C:\WINDOWS\ALCWZRD.EXE] "SMSERIAL"="sm56hlpr.exe" [2005-08-12 11:09 552960 C:\WINDOWS\sm56hlpr.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] C:\Dokumente und Einstellungen\Juliane Wagner\Startmen\Programme\Autostart\ reminder-ScanSoft Produkt Registrierung.lnk - C:\Programme\Caere\OmniPagePro90\EREG\REMIND32.EXE [2006-01-28 03:13:04 45056] C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\ HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472] HP Photosmart Premier - Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728] Kodak EasyShare Software.lnk - C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-06-25 07:25:38 614531] Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoDispSettingPage"= 1 (0x1) [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk backup=C:\WINDOWS\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\MSN Messenger\\msnmsgr.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Programme\\ICQ6\\ICQ.exe"= "C:\\Programme\\Messenger\\msmsgs.exe"= "C:\\Programme\\BearShare Applications\\BearShare\\BearShare.exe"= "C:\\Programme\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"= "C:\\Programme\\uTorrent\\uTorrent.exe"= S3 PAC7311;VGA SoC PC-Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-06-27 19:09] S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE30bus.sys [2006-05-15 15:45] S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE30mdfl.sys [2006-05-15 15:45] S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE30mdm.sys [2006-05-15 15:45] S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE30mgmt.sys [2006-05-15 15:45] S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);C:\WINDOWS\system32\DRIVERS\se30nd5.sys [2006-05-15 15:45] S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE30obex.sys [2006-05-15 15:45] S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);C:\WINDOWS\system32\DRIVERS\se30unic.sys [2006-05-15 15:45] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . - - - - Entfernte verwaiste Registrierungseinträge - - - - BHO-{F2BE4899-1F7F-4108-9AE5-76E83BE48EE7} - C:\WINDOWS\system32\dssec32.dll HKCU-Run-updateMgr - C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe HKLM-Run-RealTray - C:\Programme\Real\RealPlayer\RealPlay.exe MSConfigStartUp-PC Connection Agent - C:\Programme\Microsoft ActiveSync\wcescomm.exe . ------- Zusätzlicher Scan ------- . FireFox -: Profile - C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\Mozilla\Firefox\Profiles\xn6630rv.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.de/ ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-12 15:25:58 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2008-08-12 15:27:33 ComboFix-quarantined-files.txt 2008-08-12 13:27:25 Pre-Run: 25 Verzeichnis(se), 11,560,566,784 Bytes frei Post-Run: 29 Verzeichnis(se), 11,545,432,064 Bytes frei 155 --- E O F --- 2008-07-08 17:47:20 -------------------------------------------------------------------------------------------- und hier hjt: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:36:25, on 12.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\ScsiAccess.EXE C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\sm56hlpr.exe C:\Programme\Browser MOUSE\mouse32a.exe C:\Programme\HP\HP Software Update\HPWuSchd2.exe C:\Programme\DAEMON Tools\daemon.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Java\jre1.6.0_05\bin\jusched.exe C:\Programme\FreePDF_XP\fpassist.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe C:\Programme\Caere\OmniPagePro90\EREG\REMIND32.EXE C:\Programme\HP\Digital Imaging\bin\hpqimzone.exe C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\explorer.exe C:\Dokumente und Einstellungen\Juliane Wagner\Desktop\hjack\HJT.exe C:\WINDOWS\system32\HPZipm12.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://antivir--2008.com/purchase.php?aff= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\tbu10\toolbaru.dll R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare applications\BearShare MediaBar\MediaBar.dll R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\tbu10\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: XBTP02634 Class - {F97DA966-F09D-4cab-BF29-75A0026986EA} - C:\PROGRA~1\BEARSH~1\BEARSH~2\MediaBar.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\tbu10\toolbaru.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare applications\BearShare MediaBar\MediaBar.dll O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAShCut.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: reminder-ScanSoft Produkt Registrierung.lnk = C:\Programme\Caere\OmniPagePro90\EREG\REMIND32.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: CompuServe - {e81574a9-bd71-46d7-a379-07ba054d1c03} - c:\Programme\CompuServe 4.0\CompuServe StarterKit 4.0\NavCSO.exe O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.freenet.de O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab?nocache=20071219-1 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1205532131 O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 9345 bytes |
|
|
||
12.08.2008, 16:38
Moderator
Beiträge: 7805 |
#6
Loesche bitte folgende Dateien:
C:\PA7311.DAT C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\wklnhst.dat C:\Dokumente und Einstellungen\Juliane Wagner\getfile.dat C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\GDIPFONTCACHEV1.DAT Hake folgende Dinge in hijackthis an und druecke fix checked: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://antivir--2008.com/purchase.php?aff= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.com R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\tbu10\toolbaru.dll R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare applications\BearShare MediaBar\MediaBar.dll Dann starte neu und mache einen neuen Test mit Drweb Cureit. Das wird auch noch einiges finden... http://board.protecus.de/t29350-1.htm#270097 __________ MfG Ralf SEO-Spam Hunter |
|
|
||
12.08.2008, 20:09
Member
Themenstarter Beiträge: 11 |
#7
so, bin fertig damit:
mediabar.dll c:\programme\bearshare applications\bearshare mediabar Adware.Softomate Verschoben. data045\data006 C:\Dokumente und Einstellungen\Juliane Wagner\Desktop\Nicht verwendete Desktopverknüpfungen\BearShareV6int.exe\data045 Adware.Softomate data045 C:\Dokumente und Einstellungen\Juliane Wagner\Desktop\Nicht verwendete Desktopverknüpfungen\BearShareV6int.exe Archiv enthält infizierte Objekte BearShareV6int.exe C:\Dokumente und Einstellungen\Juliane Wagner\Desktop\Nicht verwendete Desktopverknüpfungen Archiv enthält infizierte Objekte Verschoben. Everest Pokernet.exe C:\Dokumente und Einstellungen\Juliane Wagner\Desktop\Nicht verwendete Desktopverknüpfungen Trojan.Fakealert Gelöscht. A0040164.dll C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP160 Adware.Softomate Verschoben. data045\data006 C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP160\A0040165.exe\data045 Adware.Softomate data045 C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP160\A0040165.exe Archiv enthält infizierte Objekte A0040165.exe C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP160 Archiv enthält infizierte Objekte Verschoben. A0040166.exe C:\System Volume Information\_restore{059F989E-BD31-474B-A47E-7C448FD3C978}\RP160 Trojan.Fakealert Gelöscht. grüße maddin |
|
|
||
13.08.2008, 08:07
Moderator
Beiträge: 7805 |
||
|
||
13.08.2008, 11:21
Member
Themenstarter Beiträge: 11 |
#9
ComboFix 08-08-12.01 - Juliane Wagner 2008-08-13 11:14:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.626 [GMT 2:00] ausgeführt von:: C:\Dokumente und Einstellungen\Juliane Wagner\Desktop\ComboFix.exe * Neuer Wiederherstellungspunkt wurde erstellt [color=red]Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !![/color] . ((((((((((((((((((((((( Dateien erstellt von 2008-07-13 bis 2008-08-13 )))))))))))))))))))))))))))))) . 2008-08-12 17:15 . 2008-08-12 17:17 <DIR> d-------- C:\Dokumente und Einstellungen\Juliane Wagner\DoctorWeb 2008-08-12 12:47 . 2008-08-12 12:47 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware 2008-08-12 12:47 . 2008-08-12 12:47 <DIR> d-------- C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\Malwarebytes 2008-08-12 12:47 . 2008-08-12 12:47 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2008-08-12 12:47 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-12 12:47 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-05 01:24 . 2008-08-12 15:09 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\services 2008-07-27 17:26 . 2008-07-27 17:26 <DIR> d-------- C:\Programme\gs 2008-07-27 17:26 . 2008-07-27 17:26 <DIR> d-------- C:\Programme\FreePDF_XP 2008-07-27 17:26 . 2008-07-27 17:35 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\FreePDF 2008-07-27 17:26 . 2005-01-06 18:33 119,152 --a------ C:\WINDOWS\system32\redmon.hlp 2008-07-27 17:26 . 2005-01-06 18:33 116,224 --a------ C:\WINDOWS\system32\redmonnt.dll 2008-07-27 17:26 . 2005-01-06 18:33 45,056 --a------ C:\WINDOWS\system32\unredmon.exe 2008-07-25 20:36 . 2008-08-12 11:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater 2008-07-20 17:54 . 2008-07-20 17:59 <DIR> d-------- C:\Programme\1&1 . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-13 09:07 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic 2008-08-12 22:22 --------- d-----w C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\uTorrent 2008-08-12 14:25 --------- d-----w C:\Programme\GV Everest Pokernet 2008-08-01 12:00 --------- d-----w C:\Programme\Google 2008-07-28 15:21 --------- d-----w C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\Canon 2008-07-15 20:45 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Super X Studios 2008-07-08 14:59 --------- d-----w C:\Programme\Ilusion Software 2008-06-20 17:36 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:44 360,960 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:32 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 17:57 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-01-22 19:45 274 ----a-w C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\wklnhst.dat 2007-03-22 12:22 57,816 ----a-w C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\GDIPFONTCACHEV1.DAT . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2005-02-22 08:55 1611488] "AnyDVD"="C:\Programme\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-09 16:08 1600448] "ICQ"="C:\Programme\ICQ6\ICQ.exe" [2008-04-01 12:40 172280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "FLMOFFICE4DMOUSE"="C:\Programme\Browser MOUSE\mouse32a.exe" [2005-12-22 14:30 360448] "HP Software Update"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152] "avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 16:15 266497] "SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe] "SoundMan"="SOUNDMAN.EXE" [2005-09-21 10:24 86016 C:\WINDOWS\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] C:\Dokumente und Einstellungen\Juliane Wagner\Startmen\Programme\Autostart\ reminder-ScanSoft Produkt Registrierung.lnk - C:\Programme\Caere\OmniPagePro90\EREG\REMIND32.EXE [2006-01-28 03:13:04 45056] C:\Dokumente und Einstellungen\All Users\Startmen\Programme\Autostart\ HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472] HP Photosmart Premier - Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728] Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "NoDispSettingPage"= 1 (0x1) [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AOL 9.0 Tray-Symbol.lnk] path=C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AOL 9.0 Tray-Symbol.lnk backup=C:\WINDOWS\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programme\\MSN Messenger\\msnmsgr.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "C:\\Programme\\ICQ6\\ICQ.exe"= "C:\\Programme\\Messenger\\msmsgs.exe"= "C:\\Programme\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"= "C:\\Programme\\uTorrent\\uTorrent.exe"= "C:\\Programme\\BearShare Applications\\BearShare\\BearShare.exe"= S3 PAC7311;VGA SoC PC-Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-06-27 19:09] S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE30bus.sys [2006-05-15 15:45] S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE30mdfl.sys [2006-05-15 15:45] S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE30mdm.sys [2006-05-15 15:45] S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE30mgmt.sys [2006-05-15 15:45] S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);C:\WINDOWS\system32\DRIVERS\se30nd5.sys [2006-05-15 15:45] S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE30obex.sys [2006-05-15 15:45] S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);C:\WINDOWS\system32\DRIVERS\se30unic.sys [2006-05-15 15:45] . . ------- Zusätzlicher Scan ------- . FireFox -: Profile - C:\Dokumente und Einstellungen\Juliane Wagner\Anwendungsdaten\Mozilla\Firefox\Profiles\xn6630rv.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.de/ ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-13 11:17:18 Windows 5.1.2600 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . Zeit der Fertigstellung: 2008-08-13 11:18:45 ComboFix-quarantined-files.txt 2008-08-13 09:18:36 ComboFix2.txt 2008-08-12 13:27:34 Pre-Run: 25 Verzeichnis(se), 12,623,888,384 Bytes frei Post-Run: 29 Verzeichnis(se), 12,610,908,160 Bytes frei 129 --- E O F --- 2008-07-08 17:47:20 |
|
|
||
13.08.2008, 11:48
Moderator
Beiträge: 7805 |
#10
Bitte starte die "Eingabeaufforderung" ueber start Ausfuehren und dort cmd eingeben und Enter druecken.
Dort im auftauchenden Fenster netsh firewall reset eingeben, ebenfalls enter eingeben und neu starten. Danach bitte ueber www.windowsupdate.com alle wichtigen updates installieren. Das ganze so oft wiederholen, bis dir keine wichtigen Updates mehr angeboten werden. BTW: Was fuer eine Grafikkarte ist in deinem Rechner eingebaut? __________ MfG Ralf SEO-Spam Hunter |
|
|
||
13.08.2008, 12:06
Member
Themenstarter Beiträge: 11 |
#11
ok das mach ich. die grafikkarte ist ne Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family.
Vielen Dank für die schnelle und professionelle Hilfe!!! MfG maddin |
|
|
||
13.08.2008, 12:12
Moderator
Beiträge: 7805 |
#12
Schau bei Intel mal nach, ob es dort schon neuere Treiber fuer Chipsatz und Graka gibt....
__________ MfG Ralf SEO-Spam Hunter |
|
|
||
Habe mich in anderen Beiträgen schon über die Schritte informiert und werde die Ergebnisse dann hier posten.
Hoffe ihr könnt mir helfen!!!
MfG maddin